Miscellaneous plugins not yet categorized.
| Plugin/Function | Type | Description |
|---|---|---|
| all | Function | Returns TRUE if all items are true |
| any | Function | Returns TRUE if any items are true |
| client_create | Function | Create a new client in the data store |
| create_notebook_download | Function | Creates a notebook export zip file |
| delay | Plugin | Executes ‘query’ and delays relaying the rows by the specified number of seconds |
| delete_events | Plugin | Delete all the files that make up a flow |
| delete_flow | Plugin | Delete all the files that make up a flow |
| efivariables | Plugin | Enumerate efi variables |
| entropy | Function | Calculates shannon scale entropy of a string |
| flow_logs | Plugin | Retrieve the query logs of a flow |
| get_flow | Function | Gets flow details |
| gunzip | Function | Apply Gunzip to the data |
| hunt_delete | Plugin | Delete a hunt |
| hunt_update | Function | Update a hunt |
| lru | Function | Creates an LRU object |
| lzxpress_decompress | Function | Decompress an lzxpress blob |
| Function | Send Email to a remote server | |
| mock_clear | Function | Resets all mocks |
| mock_replay | Function | Replay recorded calls on a mock |
| monitoring_logs | Plugin | Retrieve log messages from client event monitoring for the specified client id and artifact |
| org | Function | Return the details of the current org |
| org_create | Function | Creates a new organization |
| org_delete | Function | Deletes an Org from the server |
| orgs | Plugin | Retrieve the list of orgs on this server |
| passwd | Function | Updates the user’s password |
| pe_dump | Function | Dump a PE file from process memory |
| pk_decrypt | Function | Decrypt files using pubkey encryption |
| pk_encrypt | Function | Encrypt files using pubkey encryption |
| process_tracker | Function | Install a global process tracker |
| process_tracker_all | Function | Get all processes stored in the tracker |
| process_tracker_callchain | Function | Get a call chain from the global process tracker |
| process_tracker_children | Function | Get all children of a process |
| process_tracker_get | Function | Get a single process from the global tracker |
| process_tracker_pslist | Plugin | List all processes from the process tracker |
| process_tracker_tree | Function | Get the full process tree under the process id |
| process_tracker_updates | Plugin | Get the process tracker update events from the global process tracker |
| pskill | Function | Kill the specified process |
| query | Plugin | Evaluate a VQL query |
| rekey | Function | Causes the client to rekey and regenerate a new client ID |
| remap | Function | Apply a remapping configuration to the root scope |
| repack | Function | Repack and upload a repacked binary or MSI to the server |
| server_frontend_cert | Function | Get Server Frontend Certificate |
| tlsh_hash | Function | Calculate the tlsh hash of a file |
| trace | Function | Upload a trace file |
| upload_azure | Function | Upload files to Azure Blob Storage Service |
| upload_smb | Function | Upload files using the SMB file share protocol |
| user | Function | Retrieves information about the Velociraptor user |
| user_grant | Function | Grants the user the specified roles |
| vfs_ls | Plugin | List directory and build a VFS object |
| write_jsonl | Plugin | Write a query into a JSONL file |